Syntax of RACF commands and operands
This publication describes the syntax and function of the RACF® commands. The commands are presented in alphabetical order. Each command description contains several examples.
For the key to the symbols used in the command syntax diagrams,
see Figure 1.
The syntax for all occurrences of the userid, group-name, password, class-name, profile-name, volume-serial, terminal-id, date, and data-set-name operands in this book is as follows:
- userid
- 1 - 8 alphanumeric
characters. The user ID can consist entirely of numbers and need not
begin with any particular character.
For TSO users who are defined to RACF, the user ID cannot exceed seven characters and must begin with an alphabetic,
#
(X'7B'),$
(X'5B'), or@
(X'7C') character. - group-name
- 1 - 8
alphanumeric characters beginning with an alphabetic,
#
(X'7B'),$
(X'5B'), or@
(X'7C') character. (You can set the default prefix to a group name only if the group name contains 1 - 7 characters. If the group name has 8 characters, you must always enter fully-qualified group data set names on the commands. - password
- 1 - 8 alphanumeric characters. Each installation can define its own password syntax rules. Lowercase alphanumeric characters are valid and maintained in the case entered if SETROPTS PASSWORD(MIXEDCASE) is in effect. Some additional symbolic characters are valid if SETROPTS PASSWORD(SPECIALCHARS) is in effect.
- class-name
- Valid class names are USER, GROUP, DATASET, and those classes
defined in the class descriptor table.
The entries supplied by IBM® in the class descriptor table are listed in Supplied RACF resource classes.
- profile-name
- Either a discrete name or a generic name, as described in Naming considerations for resource profiles.
- terminal-id
- 1 - 8 alphanumeric characters.
- volume-serial
- 1 - 6 alphanumeric characters.
- date
- RACF interprets dates as 20yy when the year is less than 71, and 19yy when the year is 71 or higher.
- data-set-name
- The RACDCERT commands use the data set naming convention on z/OS, where quotation marks are optional. If the data set name is not enclosed in quotation marks, the TSO login ID is prefixed to the data set name. If you surround the data set name in quotation marks, the syntax can be clearer and more specific. Therefore, quotation marks are encouraged and are used in the code samples that are provided.